← Back to Skills Marketplace
mirni

Skillguard

by mirni · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
88
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install gh-skillguard
Description
Run a complete security audit on any OpenClaw SKILL.md in one call. Combines malware scanning (SkillScan), permission scope analysis (ScopeCheck), and prompt...
README (SKILL.md)

SkillGuard

Full security audit of a SKILL.md — three checks, one call.

Start the server

uvicorn skillguard.app:app --port 8005

Audit a skill

curl -s -X POST http://localhost:8005/v1/audit-skill \
  -H "Content-Type: application/json" \
  -d "{\"skill_content\": $(cat path/to/SKILL.md | jq -Rs)}" | jq

Returns verdict (SAFE/CAUTION/DANGEROUS), total_findings, and three sub-reports:

  • scan — malware detection (safety_score, findings, verdict)
  • scope — permission analysis (declared vs detected, undeclared_access)
  • injection — prompt injection (risk_score, patterns_detected)

Why use SkillGuard instead of individual tools?

One call instead of three. Same price. Combined verdict logic: if the malware scan finds anything, it's DANGEROUS. If only scope or injection issues, it's CAUTION. Clean skill = SAFE.

Usage Guidance
This skill appears to do what it says: start a local server and analyze SKILL.md content. The main concerns are (1) the bundle does not include the 'products.skillscan', 'products.scopecheck', and 'products.promptguard' modules that the code imports — you need to verify where those come from and what they do at runtime, and (2) the registry-level install spec is incomplete compared to the SKILL.md metadata, so confirm the actual install steps. Before installing or running this on sensitive machines: review the implementations (or platform-provided sources) of the three product modules to ensure they do not send submitted SKILL.md content to external services or log it to remote endpoints, and ensure the pip install list is explicit and comes from trusted package sources. If you cannot inspect or verify those modules, treat the skill as untrusted and run it only in an isolated environment.
Capability Analysis
Type: OpenClaw Skill Name: gh-skillguard Version: 1.0.0 The gh-skillguard skill is a security auditing tool designed to analyze OpenClaw SKILL.md files for malware, permission scope discrepancies, and prompt injection risks. The provided code in skillguard/app.py and skillguard/models.py implements a standard FastAPI service that orchestrates these checks and returns a unified safety verdict. There are no indicators of malicious intent, data exfiltration, or unauthorized execution; the logic is consistent with its stated purpose as a defensive utility.
Capability Assessment
Purpose & Capability
Name/description match the code: the service runs three checks (SkillScan, ScopeCheck, PromptGuard) and returns a unified verdict. It only requires Python and common web-framework packages, which is proportionate for a local audit server.
Instruction Scope
SKILL.md instructs running a local uvicorn server and POSTing SKILL.md content; there are no instructions to read arbitrary host files or request unrelated credentials. The example uses 'cat path/to/SKILL.md' which is user-driven and not automatic.
Install Mechanism
Registry install metadata lists a generic 'uv' entry, while the SKILL.md metadata specifies pip packages (fastapi, uvicorn, pydantic, pyyaml). The package files in the bundle do not include the dependent 'products.*' modules the code imports, so the runtime will rely on platform-provided modules or additional installs. That mismatch is a risk: it is unclear what additional code will be present at runtime and whether it will be pulled from remote sources.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code does not itself read environment variables or secrets.
Persistence & Privilege
always is false, the skill does not request permanent inclusion or system-wide configuration changes, and there are no instructions to modify other skills or agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gh-skillguard
  3. After installation, invoke the skill by name or use /gh-skillguard
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release of gh-skillguard with streamlined documentation and improved metadata. - Clarified and shortened the SKILL.md description for easier understanding - Updated metadata with emoji, improved install section, and structured requirements - Simplified usage instructions and included direct example for curl with jq - Clearly explained the unified reporting and combined verdict logic - Removed redundant/verbose request and response tables for readability
v0.1.1
- Added OpenClaw metadata specifying required binaries and install steps. - Updated installation instructions to include pydantic, matching the new dependency list. - Revised server startup and usage examples for clarity. - Clarified the difference between installation and usage sections.
v0.1.0
Initial release combining three security checks into one API: - Unified security audit for SKILL.md files with SkillScan, ScopeCheck, and PromptGuard in a single API call - Returns a structured, unified JSON report covering risky code, undeclared permissions, and prompt injection risks - Supports both hosted API and standalone FastAPI deployment - Simple request/response schema for easy integration
Metadata
Slug gh-skillguard
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Skillguard?

Run a complete security audit on any OpenClaw SKILL.md in one call. Combines malware scanning (SkillScan), permission scope analysis (ScopeCheck), and prompt... It is an AI Agent Skill for Claude Code / OpenClaw, with 88 downloads so far.

How do I install Skillguard?

Run "/install gh-skillguard" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skillguard free?

Yes, Skillguard is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skillguard support?

Skillguard is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skillguard?

It is built and maintained by mirni (@mirni); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments